Senior Information Security Engineer
New York City
Yext
Yext is the leading digital presence platform for multi-location brands, powering the knowledge behind every customer engagement. Yext (NYSE: YEXT) is building the next big thing in AI search, and the next big thing is answers.
With the explosion of information and data online, search has never been more important. However, while the world of consumer search has innovated over time, enterprise search has not. In fact, the majority of enterprise search is powered by outdated keyword technology that only scans for keywords and delivers a list of hyperlinks rather than actually answering questions. Yext, the AI Search Company, offers a modern, AI-powered Answers Platform that understands natural language so that when people ask questions about a business online they get direct answers – not links.
We have a big, audacious mission to transform the enterprise with AI search. To achieve that, we need bright minds and diverse perspectives to join our growing company and help us continue to disrupt an industry. Does this sound like you?
The Senior Information Security Engineer is responsible for the implementation, execution and maintenance of technology solutions that mitigate risk and protect the IT and Engineering environments by reducing the probability, and minimizing the effects, of damage caused by malware, malicious activities and security events. The individual will help protect the company by deploying, tuning, and managing security tools across the computing environment, as well as providing security incident response cycle support. The candidate should be able to demonstrate both technical capabilities and in-depth knowledge of various network and security concepts, technologies, and best practices.
What You'll Do
- Serve as a technical expert for project teams throughout the implementation and maintenance of assigned information security solutions; define and oversee the documentation of detailed standards (e.g., guidelines, processes, procedures).
- Design secure systems and network architectures; maintain Security Information and Event Management (SIEM) infrastructure, which includes performance tuning, event collection, and use case development on the department's security stack
- Implement the cybersecurity requirements of systems and networks, documenting them in formal security engineering documents using the Risk Management Framework and supporting artifacts associated with risk assessments.
- Responsible for advanced hunting for Cybersecurity threats/vulnerabilities and assisting with their remediation, maintaining/operating the portfolio of security tools, creating/maintaining run books and performing troubleshooting.
- Build and upgrade security posture for compliance with SOC, SOX, HIPAA, and PCI-DSS
- Lead and participate in major day-to-day operational aspects of the security engineering team including improvement of current security environment while constantly identifying areas of needed improvement
- Lead the technical evaluation of new security technologies that address both current and future needs based on emerging threats and industry trends.
- Design and lead internal and external penetration validation testing to ensure that computer systems are up to date relative to all operating systems, patches, and virus protection software.
- Maintain Information Security communication channels and establish communication requirements, internally and to external parties
- Foster and promote collaboration among all members of the IT, Infrastructure, and Risk Management Departments
- Collect data for metrics and generate reports; assist the Information Security Director in developing policies and procedures for logging, monitoring response and escalations
- Assist in cloud security activities such as configuration assessments, posture management and other intrusive/simulation led tasks
What You Have
- BS or MS in Computer Science or related field
- 7+ years of cybersecurity experience
- Must have strong experience writing and using Ansible server administration scripts, and creating simple Python, Bash and PowerShell scripts to automate cybersecurity functions
- Must have experience in deployment, development, and maintenance of SIEM
- Must have experience performing threat hunting and incident response duties using SIEM tools, cybersecurity management consoles, and ticketing systems
- Scripting experience to automate security operations, alerting, and compliance checks, CI/CD design, deployment, and management
- Experience with managing DLP/antivirus anti-malware/endpoint response and detection infrastructure and endpoints at the enterprise level, including performing upgrades to the back-end application and deploying new agent versions to endpoints
- Experience maintaining industry-leading security technologies or infrastructure systems in a complex technical IT operations environment
- Patching and configuration of Linux systems; Configuring delegated access control on Linux systems
- Ability to communicate effectively, both verbally and in writing; excellent interpersonal skills
- Must be detail-oriented and organized with the ability to handle competing demands while meeting deadlines
- Experience in authentication protocols and frameworks to include OAuth, and AWS IAM
- Exceptional troubleshooting and analytical skills
- Proactive and motivated; team player with a positive can-do attitude
Bonus Points
- SANS, ISACA, ISC2 Security and cloud certifications (CISSP, eJPT, OSCP, CySA+, GCIA, Sec+, CEH, CCSP, AWS, Azure, Google Cloud Platform)
- At least 2 years of experience in a large enterprise SOC environment, preferably in a consultant type role
- Any advanced white, red, purple, or blue team experience involving directed missions, custom tool creation, operations evaluation, and thinking like the attacker
Yext is committed to building an inclusive and diverse culture where every person is seen, heard and valued. We believe in equal employment opportunity and welcome employees and applicants of all races, colors, ethnicities, religions, creeds, national origins, ancestries, genetics, sexes, pregnancy or childbirth, sexual orientations, genders (including gender identity or nonbinary or nonconformity and/or status as a trans individual), ages, physical or mental disabilities, citizenships, marital, parental and/or familial status, past, current or prospective service in the uniformed services, or any characteristic protected under applicable law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. It is Yext’s policy to provide reasonable accommodations to people with disabilities as required by law. If you have a disability that requires an accommodation in completing this application, interviewing, or participating in the employee selection process, please complete this form.
Tags: Ansible AWS Azure Bash Blue team CCSP CEH CI/CD CISSP Cloud Compliance Computer Science GCIA GCP HIPAA IAM Incident response ISACA Linux Malware Monitoring OSCP PowerShell Python Risk management SANS Scripting SIEM Vulnerabilities
Perks/benefits: Salary bonus Team events